Skip to main content
Learn how to securely transfer session state from your client application to your server for performing operations on behalf of authenticated users.

Exporting Sessions for Server-Side Operations

Use waitAndExportSession() when you need to transfer an authenticated user’s session state to your server. 
const serializedSession = await para.waitAndExportSession();

await fetch("/api/import-session", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ session: serializedSession }),
});
waitAndExportSession() waits until the SDK has reached an authenticated state before exporting session data. Use it for client-to-server handoff flows immediately after login.
By default, the exported session includes signer data so your server can sign for the user. If your server needs to sign messages or transactions, do not use excludeSigners.
If the server only needs to validate the user’s session and does not need signing capabilities, export without signer data: 
const sessionWithoutSigners = await para.waitAndExportSession({
  excludeSigners: true,
});

Importing Sessions

For cases where you need to import a previously exported session back into a Para client instance: 
const para = new Para(apiKey);

await para.importSession(exportedSessionString);

const isActive = await para.isSessionActive();
A Para instance can hold one active session at a time. On the server, create a fresh ParaServer instance for each imported user session.

Server-Side Implementation

To learn more about handling sessions on the server, check out the following guide:

Best Practices

  • Export for the operation you need: Include signer data only when your server will sign for the user.
  • Secure transmission: Always use HTTPS when transmitting exported sessions to your server. Do not log serialized sessions.
  • Session validation: Verify the session validity on your server before performing authenticated operations.